Here are 7 password tips to help improve your online security

Pieces of an iPhone are seen in a repair store in New York,
February 17, 2016. REUTERS/Eduardo Munoz

How strong is your password, really? Do you use the same one on a
number of accounts? Or refer to your dog Fluffy in all of them?
Chances are you could use a change.

About 73 percent of online accounts are guarded by duplicate
passwords, according to a 2015 report by TeleSign, an internet
security firm, and 54 percent of those surveyed use five or fewer
passwords across their online accounts.

Meanwhile, just over 10 percent of consumers use one of the 25
worst passwords of 2016, according to SplashData, a provider of
password management applications, which analyzed more than 5
million leaked passwords used by users in North America and
Western Europe.

Topping the list of the worst passwords? 123456, password, 12345,
12345678, football and qwerty.

The problem with this is that our passwords are a key component
of our lives, and as more of the services we rely on every day
move online, the stakes grow ever higher.

It may seem overwhelming, but you can improve your internet
security today with these seven tips.

1. Create strong passwords

What does that mean? Ideally, a password should be at least 10 to
15 characters and include a mix of lower case and capital
letters, numbers and special characters such as @, $, or *. It
should also be unrelated to any of your prior passwords.

Struggling to think of something? You can use a password
generator (there are a number of free options available), or pick
a short sentence or phrase to use as inspiration and replace
certain letters with numbers or special characters. For example,
you could channel Cookie Monster and go with, “W@nT~C0oK13$.”

2. Avoid passwords containing info easily found online

Part of having a strong password is not using information someone
could easily (or even not-so-easily) figure out by checking out
your social media accounts. That means if you constantly post
about your cat, Fluffy, don’t make your password Fluffy_Lv3r.

Consider the whole extent of the information out there. While
H@rRy*P0tt3r is generally a strong password, don’t use it if you
are a member of a Harry Potter fan club or post quizzes to your
page like “What Hogwarts House Would You be Sorted Into?”

The same goes for those account security questions you are
sometimes asked to fill out. If your Facebook includes
information on where you went to high school, avoid security
questions like, “What was your high school mascot?”
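
The checks from tips 1 and 2, written out as an added example that is not part of the original article. The look-alike substitution map, the set of special characters and all function names are assumptions made for illustration; the worst-password list is the one quoted above.

```python
import secrets
import string

# Worst passwords the article names from the SplashData 2016 list.
WORST = {"123456", "password", "12345", "12345678", "football", "qwerty"}
SPECIALS = "@$*~!#%^&"  # assumed set of allowed special characters
# Constructed map of common look-alike substitutions (assumption, not exhaustive).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "i",
                      "!": "i", "$": "s", "5": "s", "7": "t"})
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation]


def normalize(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())


def check_password(password, personal_terms=(), min_length=10):
    """Return a list of problems; an empty list means tips 1 and 2 are met."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing a character class")
    if password.lower() in WORST:
        problems.append("on worst-password list")
    flat = normalize(password)
    for term in personal_terms:
        key = normalize(term)
        if key and key in flat:
            problems.append(f"contains personal term: {term}")
    return problems


def generate_password(length=15):
    """Random password with at least one character from each class."""
    classes = CLASSES[:3] + [SPECIALS]
    chars = [secrets.choice(cls) for cls in classes]
    pool = "".join(classes)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # avoid a predictable class order
    return "".join(chars)


if __name__ == "__main__":
    for pw in ("Fluffy_Lv3r", "H@rRy*P0tt3r", "123456"):
        print(pw, check_password(pw, ["Fluffy", "Harry Potter"]))
    print(generate_password())
```

Swapping letters for numbers or symbols does not hide a personal term: once the substitutions are undone, H@rRy*P0tt3r still reads as "harrypotter", which is why it passes the strength checks but fails when "Harry Potter" is listed as personal information.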

3. Use a unique password for every website or app

It may be super annoying, but sorry, you’ve got to do it. You
need to have a different password for all your different
accounts.

You might think a security breach at, say, LinkedIn doesn’t
matter—they have your resume, so what? But if you use the same
password, or even a similar one, for LinkedIn as you do for your
bank account, or Facebook, or any number of other applications, a
hacker can soon find a way to wreak havoc in your financial and
personal life.

Need help remembering all those passwords? There are a number of
options for keeping track. You can download a password manager
app, or if you don’t feel comfortable keeping that info in the
cloud, you can also just create a document on your computer and
encrypt that with a password. If you are more the pen-and-paper
type, you can keep a list at home.

“In some scenarios, writing down passwords isn’t a terrible thing
(it’s offline) provided you protect what you have written and
where you store it,” said Whitney Hewatt, a lead security
engineer at FINRA. “Certainly don’t store such things right next
to any systems you use making it easy to find such lists.”

4. Avoid linked accounts

While we are on the subject, avoid linked accounts. What does
that mean? That means when you are new to a website and it says
you can create a new account, or you can link the account to use
your Facebook or email login, just create the new account
instead.

When you log in using another account, you are usually allowing
that website to have some of your data, whether you realize it or
not. That may be a privacy concern and may make identity theft
easier. But beyond that, allowing one account to have access to
others means that if the least secure account is hacked, the rest
could also be compromised.

5. Use multi-factor authentication

When possible, use multi-factor authentication, or two-factor
authentication, particularly for your email accounts. Many email
providers now allow for this, including Gmail, Microsoft Mail and
others.

“Protect your email accounts as best you can,” Hewatt said.
“Enable this setting to provide an added layer of security where
you authenticate and then have to use another validation process,
such as a code sent by text or authenticating app to secure the
logon process.”

You should do this whenever possible, but your email account is
particularly important. Your email address is also where password
resets are typically sent, so it’s imperative that you protect
your email address in order to protect all other accounts. Not to
mention how much other information a hacker could get from your
email account: your address, possibly medical information or
information on your financial accounts and utility accounts.

6. Beware where you enter your password

Be aware of possible risks such as using public kiosks and
charging stations when logging on to any site or app you use.
There may be malware or a virus designed to capture any information
you type on the machine.

“You never know who manages these systems or how securely they
are configured,” said Hewatt.

The same goes for public Wi-Fi. Public Wi-Fi might be convenient
and easy on your wallet as you look to avoid data overage charges
from your cellular provider, but steer clear of entering your
password into any website from a public network, be it at an
airport or your favorite coffee shop, or in a college classroom
or hotel room.

“Until better security solutions are created, traffic on open
networks can generally be discovered by anyone else on that
network,” Hewatt said. “You are better off using cellular
communications when possible,” he said.

And never change your password on a public network or a public
machine.

7. Take note when a data breach occurs

If you hear about a possible data breach of a website or app you
use, don’t just assume others were affected, but not you. Take
steps to determine if your credentials have been stolen.

You can reach out to the company that was hacked, or use test
sites to determine if your credentials were stolen. Have I Been
Pwned is one option that tracks many of the known data breaches.
You can enter a user name or email address to determine if one of
your accounts is located on lists which have already been dumped
to the internet for public download.

“This may not be your actual password, but a scrambled version of
it that is easily deciphered by common tools,” Hewatt said. “If
you encounter this, change your password right away.”